3332 matches found
CVE-2020-23469
gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin...
CVE-2020-23478
Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py...
CVE-2025-2099
A vulnerability in the preprocess_string function of the transformers.testing_utils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
CVE-2025-2099
CVE-2025-2099 describes a ReDoS in huggingface/transformers v4.48.3 due to a nested-quantifier regex in preprocess_string() within transformers.testing_utils. The issue causes exponential backtracking on input with many newlines, leading to high CPU usage and potential DoS. Connected documents co...
PT-2025-21933 · Hugging Face · Transformers
Name of the Vulnerable Software and Affected Versions: huggingface/transformers version v4.48.3 Description: A vulnerability in the preprocess_string function of the transformers.testing_utils module allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to...
EulerOS Virtualization 2.12.0 : python3 (EulerOS-SA-2025-1572)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: There is a MEDIUM severity vulnerability affecting CPython. The socket module provides a pure-Python fallback to the...
CVE-2025-24026
iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop...
CVE-2025-24026
CVE-2025-24026 concerns iTop, a web-based ITSM tool. Versions prior to 3.2.1 are vulnerable to a regular expression denial of service (ReDoS) that may affect the iTop server under certain circumstances; the issue stems from using an affected variable in a regex. Version 3.2.1 does not use the vul...
CVE-2025-24026 iTop Inefficient Regular Expression Complexity vulnerability
iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop...
PT-2025-21172 · Itop · Itop
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.2.1 Description: The issue is related to a regular expression denial of service (ReDoS) that may affect the iTop server under certain circumstances. The problem arises from the use of an affected variable in a regular...
Alibaba Cloud Linux 3 : 0037: nodejs:14 (ALINUX3-SA-2023:0037)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0037 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-35065: The glob-parent package...
PT-2025-15: Kiosk restriction bypass in RED OS
The vulnerability was identified in RedOS, versions 7.3.5-20241106.3. The discovered vulnerability in the RedOS kiosk utility is due to incorrect restrictions. Exploitation of the vulnerability may allow an attacker to execute arbitrary commands on the system outside the imposed restrictions...
[SECURITY] [DLA 4163-1] rubygems security update
Debian LTS Advisory DLA-4163-1 https://www.debian.org/lts/security/ Lucas Kanashiro May 12, 2025 https://wiki.debian.org/LTS -...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1539)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. CVE-2025-272...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1538)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. CVE-2025-272...
AlmaLinux 9 : ruby:3.1 (ALSA-2025:4488)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:4488 advisory. rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace characte...
Oracle Linux 9 : ruby (ELSA-2025-4487)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-4487 advisory. - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves: RHEL-86104 - Fix ReDoS in CGI::Util#escapeElement. CVE-2025-27220 Resolves:...
ruby:3.0 security update
An update is available for module.rubygem-pg, rubygem-abrt, rubygem-pg, module.ruby, module.rubygem-abrt, ruby, rubygem-mysql2, module.rubygem-mysql2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
ruby security update
3.0.7-165 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves: RHEL-86104 - Fix ReDoS in CGI::Util#escapeElement. CVE-2025-27220 Resolves: RHEL-86130 3.0.7-164 - Undefine GC compaction methods on ppc64le. Resolves: RHEL-83136 - Fix printing warnings when using IRB from a script...